1. Technical Field
The present invention relates to the field of computer software and, more particularly, to methods and apparatus to manage multiple user identities such that the user need only maintain a single user identity.
2. Description of Related Art
As computers have infiltrated society over the past several decades and become more important in all aspects of modern life, more and more confidential information has been stored on computer databases. However, computers and networks such as the Internet allow multitudes of users to access databases. Many times multiple databases may be accessed via the same network, but not all users on the network need or should have access to every database. Therefore, security devices have been implemented to prevent unauthorized access to a database.
One method of preventing unauthorized access is to require the user to provide user identification information to verify that the user is entitled to the information contained in the database. Thus, many database applications require a user to provide identification information, such as a user ID and password, in order to access a protected database. These applications may have this information fixed within the application (i.e., "hard coded"), the application may be configured with the information, or, in some cases, the application may prompt the user for this information at run time.
However, databases are not the only computer resources requiring a user to provide identifying information. Other resources such as servers and networks may also require users to provide identifying information. Because different resources have different security requirements and because some resources assign identities rather than allowing a user to choose, many users may have multiple identities depending on the particular resource that they are accessing. The database identity is yet another one that the user must maintain.
Global Sign-on (GSO) technology attempts to manage this set of multiple identities on behalf of a user so that the user only needs to maintain a single user identity. The user then allows the GSO to manage the other identities automatically whenever the user attempts to access a particular protected resource.
Current versions of GSO use a product technology referred to as Open Horizon to provide a single sign-on capability for databases. Open Horizon forwards all requests through a DCE client RPC mechanism to an Open Horizon server. The actual database request is then issued by the Open Horizon server. This technique requires a DCE client to be installed and configured on the client machine as well as the Open Horizon server to be installed and configured on the database server machine. However, it is desirable to have a global sign-on system that does not require any additional special client software to be installed and configured on the client machine. It is also desirable to have a global sign-on system that does not require an additional server.
The present invention provides a method in a data processing system for managing multiple identities for a single user. In a preferred embodiment, a request for content from a database, a service, or an application and a first user identity entered by a user is received at a database server. Responsive to a determination that retrieval of the content from the database requires providing the database with user information, the user's database identity or other information associated with the database is retrieved from a library of database identities on the GSO server. The retrieved user identity information is then inserted into the request and the request is forwarded to the database.
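The flow summarized above can be sketched as follows. This is an added illustration, not code from the patent; the class and function names, the request fields, and the sample data are hypothetical. It assumes the first user identity has already been authenticated and that a missing library entry should stop the request rather than forward it without credentials.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Credential:
    user_id: str
    password: str = field(repr=False)  # keep the secret out of repr() and logs

class MappingError(Exception):
    """No stored identity for this user on a resource that requires one."""

class IdentityLibrary:
    """Constructed stand-in for the library of database identities on the GSO server."""
    def __init__(self):
        self._entries = {}

    def enroll(self, gso_user, resource, credential):
        self._entries[(gso_user, resource)] = credential

    def lookup(self, gso_user, resource):
        return self._entries.get((gso_user, resource))

# Constructed sample data: resources that require user information.
REQUIRES_IDENTITY = {"payroll_db"}

def prepare_request(request, library):
    """Return the request to forward, with the resource-specific identity inserted."""
    outbound = dict(request)  # never mutate the caller's copy
    resource = request["resource"]
    if resource not in REQUIRES_IDENTITY:
        return outbound  # nothing to insert for an unprotected resource
    cred = library.lookup(request["gso_user"], resource)
    if cred is None:
        # Assumption: fail closed rather than forward without credentials.
        raise MappingError(f"no identity for {request['gso_user']!r} on {resource!r}")
    outbound["db_user"] = cred.user_id
    outbound["db_password"] = cred.password
    return outbound

def redact(outbound):
    """Copy of the forwarded request that is safe to write to an audit log."""
    return {k: ("***" if k == "db_password" else v) for k, v in outbound.items()}

if __name__ == "__main__":
    lib = IdentityLibrary()
    lib.enroll("alice", "payroll_db", Credential("ALICE01", "constructed-secret"))
    req = {"gso_user": "alice", "resource": "payroll_db", "query": "SELECT 1"}
    print(redact(prepare_request(req, lib)))
```

The library entry is the only place the database password lives, so the client never holds or submits it; `redact` keeps it out of audit records of the forwarded request.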